Copycat traffic infringement notice

A new traffic infringement notice was snared by our email filters today. It is similar to fake notices stopped on 30/4/2015. Both emails claim to be from the Australian Federal Police (AFP). Both assert that the recipient has committed a traffic infringement, and both direct you to a site that installs ransomware on your PC.

We have reproduced the latest email as Figure A. Figure B is the email we received on the 30th of April 2015. The latest email uses “AFP” as the email sender. The email domain is not an Australian government domain. The subject line of the email is “Driving violation info ref. No 273793657457”. The email uses a copy of the AFP logo. A bold heading in large type with the words “Driving violation information” in uppercase is in the right-hand corner of the email.

Figure A

The reason given for the notice is “inattentive car driving”. The recipient is informed that the offence occurred on the 7/4/2015. The deadline for payment of the fine is 7/5/2015. The amount of the fine is AUD168.01. The footer reads “AFP Australia 2015”.

Comparing Figure A to Figure B shows differences in wording. The footers are different, as is the reason for the notice. The dates are different. There are several other differences, but the look of the emails is similar. We suspect this campaign originates from a different group. The group has copied the earlier email. The email will direct you to a site that prompts you to download what looks like a PDF file. The PDF file contains ransomware. Once installed on your PC it will lock Office documents and pictures.

Figure B

There are several signs that this email is a fake. The grammar of the email is poor. The links lead to a malicious site. They do not lead to the AFP site. The AFP has posted a media release warning users. Delete this email if you receive it.
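The header and link signs described above can be checked automatically at the mail gateway. The following is an added example, not part of the original post: the function names are hypothetical, both sample messages are constructed, and it assumes the AFP site is hosted under afp.gov.au and that Australian government mail comes from gov.au domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

CLAIMS_AFP = re.compile(r"\bAFP\b|Australian Federal Police", re.I)
SUBJECT_RE = re.compile(r"driving violation info", re.I)  # wording quoted on this page
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def under(host, parent):
    """True if host is parent or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == parent or host.endswith("." + parent)

def body_text(msg):
    """Decode every text part (handles base64 / quoted-printable bodies)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def check_notice(raw_email):
    """Return the list of fake-notice signs found in one raw message."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        findings.append("subject matches the fake-notice wording")
    if CLAIMS_AFP.search(name):
        # Only messages that claim to be the AFP are held to AFP domains.
        if not under(addr.rpartition("@")[2], "gov.au"):
            findings.append("sender name claims AFP, domain is not under gov.au")
        for url in URL_RE.findall(body_text(msg)):
            host = urlparse(url).hostname
            if not under(host, "afp.gov.au"):
                findings.append(f"link leaves the AFP site: {host}")
    return findings

# Constructed samples; example.net / example.org are reserved placeholder domains.
FAKE = ('From: "AFP" <notice@mail.example.net>\n'
        "Subject: Driving violation info ref. No 273793657457\n\n"
        "View your notice: http://download.example.org/notice\n")
LEGIT = ('From: "AFP" <media@afp.gov.au>\n'
         "Subject: Media release\n\n"
         "Read more: https://www.afp.gov.au/news\n")

if __name__ == "__main__":
    for label, sample in (("fake", FAKE), ("legit", LEGIT)):
        print(label, check_notice(sample))
```

Matching on the display name rather than the address is deliberate, because the copycat email sets “AFP” as the sender while using a non-government domain.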